[Samba] Migrating, Upgrading & Testing Samba 4 PDC/BDC

Charish Patel charish at bluefountainmedia.com
Wed Sep 28 16:11:23 UTC 2016

Hi folks,

I've been tasked with a migration of our servers and, as the subject implies, part of it involves a PDC and BDC that were set up before my time. However, I'm trying to accomplish a little bit more to give myself, the sysadmin, a little bit more automation capability:

- Migrate the PDC and BDC both to new servers (part of this I've already done with copying /etc/passwd, group, shadow, and gshadow along with smb.conf, secrets.tdb and passwd.tdb. There is no LDAP and/or Kerberos configuration).

- Upgrade the PDC and BDC to AD Controllers that will work in redundancy.

- Updating our netlogon script to mount Samba shares based on the user logging in.

  - Part of this is getting a non-.bat script to work with both Windows and Mac (it's mostly a Windows environment, but we have 12 Macs as well). I was thinking something along the lines of trying to detect the OS via a fastscan with nmap and, based on the OS, kick off logon.bat (Windows) or login.sh (for Macs) in order to mount the network shares as well as pushing out an agent that takes an inventory of the workstations logging in.

    - The Macs haven't been joined to the domain yet, but with the new Samba instances it's something I'm looking into doing.

- The part that has me nervous: actually testing all this out. My biggest concern is if I spin up the new Samba AD controllers, it will interfere with the existing ones and thereby causing hell for my users. Is there any way to isolate the setup for testing so that, if it's successful, it'd just be a matter of shutting down the old PDC and BDC, spin up the new redundant AD controllers and have the users be able to continue working seamlessly?

This is my first time working with Samba to this extent and I've done some reading based on the documentation for Samba (specifically, https://www.samba.org/samba/docs/man/Samba-Guide/upgrades.html) and random blogs, but wanted to see if someone could provide a more exact answer. I'm not necessarily looking for the exact commands, just a guideline from some folks who may have done something like this before. What I'm currently working with:

Old setup
    PDC is running on Samba 4.1.17 on top of Debian 8 with bind9 acting as the DNS server
    BDC is running on Samba 3.6.6 on top of Debian 7 with bind9 running as well, but the configuration seems to be the default

New setup
    Debian 8.6 with Samba 4.2.10 for both servers that the soon-to-be redundant AD Controllers will be sitting on.

Please let me know if more information is needed and MUCH appreciated in advance to those who can help!



